TalkTalk customers remain at serious risk of cyber-attacks due to gaping security holes in the company’s online services, weeks after the high-profile hack that saw the personal details of 157,000 customers stolen.

Security researchers say they have uncovered a series of vulnerabilities on TalkTalk’s website and email services that could allow hackers to steal email address, password and financial data due to basic oversights.

In the wake of the October attack that saw bank account numbers, credit card details and other details stolen, the broadband operator says it has taken major steps to improve security in an attempt to restore its reputation.

However, several parts of its website remain unencrypted, as do parts of its email services, according to Codified Security, a mobile cybersecurity testing firm.

The vulnerabilities mean that hackers with access to a customer's internet connection could intercept communications, direct victims to malicious websites or snoop on sensitive data. People are typically vulnerable to these kinds of attacks on public Wi-Fi networks, such as those at coffee shops and airports.

Martin Alderson, Codified’s chief technology officer, said the vulnerabilities the company had discovered were almost unheard of among major technology companies, and could be discovered within seconds of going on the TalkTalk website.

He said Codified had found several instances of industry-standard safety techniques not being implemented on TalkTalk’s website. The Sunday Telegraph has verified these, although it is not publishing the specific vulnerabilities.

“I would be surprised if any start-up, let alone a FTSE 250 company, would do this," Mr Alderson said. "If you were a security professional you’d find [these flaws] in a few seconds.”

Codified says it contacted TalkTalk two weeks ago about the vulnerabilities but has had no response, although TalkTalk says it has no record of any contact from the firm.

A spokesman for TalkTalk said the company was working to improve security. "We cannot go into detail on specific aspects of our website and email platforms for obvious security reasons, however the security of our systems is a top priority and we constantly run vulnerability checks using tools developed by industry-leading experts,” a spokesman said.

TalkTalk’s security was widely criticised after the hack on October 21, in which 15,656 bank numbers and sort codes, and 28,000 debit and credit card numbers were stolen. Many more had email addresses and other data taken.

Four people have been arrested in connection with the attack, which TalkTalk has said could cost it up to £35m.